[SERVER-27768] Implement HMAC key for signing Logical clock's storage & distribution Created: 20/Jan/17  Updated: 13/Jul/17  Resolved: 02/Mar/17

Status: Closed
Project: Core Server
Component/s: Sharding
Affects Version/s: 3.5.1
Fix Version/s: 3.5.4

Type: Task Priority: Major - P3
Reporter: Randolph Tan Assignee: Jack Mulrow
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Related
Backwards Compatibility: Fully Compatible
Sprint: Sharding 2017-03-06
Participants:
Linked BF Score: 0

 Description   

The key that mongos and mongod will use to verify the clusterTime will be generated by the config server primary during its transition to primary. It will be stored in admin.system.keys in the following format:

{
    _id: 'clusterTimeKey',
    key: <20 byte key generated with secure PRNG in BinData>
}

The mongos or mongod would need to extract this key auth so it would be able to sign or verify the logicalTime metadata when it interacts with the client.

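// POC for TimeProofService that will be owned by LogicalClock to sign and verify signatures.
namespace mongo {
class TimeProofService {
public:
    using TimeProof = SHA1Hash;

    // Returns the HMAC-SHA1 of the string form of the time, keyed with _key.
    TimeProof getProof(const LogicalTime& time) const {
        auto timeStr = time.toString();
        return hmacSha1(_key.c_str(), _key.size(), timeStr.c_str(), timeStr.length());
    }

    // Recomputes the proof for the time and compares it with the one received.
    // A production check would use a constant-time comparison here.
    Status checkProof(const LogicalTime& time, const TimeProof& proof) const {
        auto myProof = getProof(time);
        if (myProof != proof) {
            return Error;  // pseudocode: stands for a non-OK Status
        }

        return Status::OK();
    }

private:
    // Key read from admin.system.keys.
    std::string _key;
};
}  // namespace mongo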

Accessing and storing the key on the config server will be addressed in SERVER-28178.
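
An added example, not MongoDB's code and not part of the original ticket: a Python sketch of the scheme described above, using the ticket's key document format, HMAC-SHA1 proofs and a constant-time check. The fixed-width 64-bit encoding of the time, the sample time value and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import struct

KEY_ID = "clusterTimeKey"  # _id from the ticket's document format


def generate_key_document():
    """Key document as the config server primary would create it."""
    return {"_id": KEY_ID, "key": secrets.token_bytes(20)}  # 20 bytes from a CSPRNG


class TimeProofService:
    """Signs and verifies cluster time values with HMAC-SHA1."""

    def __init__(self, key: bytes):
        if len(key) != 20:
            raise ValueError("expected a 20-byte key")
        self._key = key

    @staticmethod
    def _encode(cluster_time: int) -> bytes:
        # Assumption: the time is an unsigned 64-bit value. A fixed-width
        # encoding makes every node hash exactly the same bytes.
        return struct.pack("<Q", cluster_time)

    def get_proof(self, cluster_time: int) -> bytes:
        return hmac.new(self._key, self._encode(cluster_time), hashlib.sha1).digest()

    def check_proof(self, cluster_time: int, proof: bytes) -> bool:
        # compare_digest runs in constant time, so a mismatch does not reveal
        # how many leading bytes of a wrong proof happened to be correct.
        return hmac.compare_digest(self.get_proof(cluster_time), proof)


def demo():
    key_doc = generate_key_document()
    mongod = TimeProofService(key_doc["key"])   # node that signs
    mongos = TimeProofService(key_doc["key"])   # node that verifies, same key
    outsider = TimeProofService(secrets.token_bytes(20))  # holds a different key

    t = (1488412800 << 32) | 7  # constructed sample: seconds | increment
    proof = mongod.get_proof(t)
    return {
        "same_key": mongos.check_proof(t, proof),
        "tampered_time": mongos.check_proof(t + (1 << 32), proof),
        "other_key": outsider.check_proof(t, proof),
        "proof_len": len(proof),
    }
```

Only a node holding the same key accepts the proof; changing the time or the key makes the check fail.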



 Comments   
Comment by Githook User [ 02/Mar/17 ]

Author: Jack Mulrow (jsmulrow) <jack.mulrow@mongodb.com>

Message: SERVER-27768 Implement HMAC key for signing Logical clock's storage & distribution
Branch: master
https://github.com/mongodb/mongo/commit/0d408153594e2e2366e0729397ca2890f00b026c
